20.5k unique visitors in the last 3 days

TrendLabs Security Report: Sharp rise in mobile malware since 2012

The annual TrendLabs Security Report, published by Trend Micro, is well worth a read. Here are some interesting insights from their new report:Trend's software found that instances of mobile malware and high-risk apps had more than doubled between 2012 and 2013. Trend defines 'high-risk' apps as those which compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without user knowledge nor consent. 27% of malicious and high-risk mobile apps could be found on legitimate app stores such as Google Play. Blackberry found that 2% of repackaged Android apps were too risky, so blocked them from their Blackberry World market. As well as using improved technology, criminals also took advantage of human gullibility with respect to innovation. For example, smartphone users who scan a QR code have no way of evaluating if the code is part of a malicious scheme. 76% of mobile phishing attacks sought to spoof a financial services website, with PayPal being the most common spoof of all. 3% were spoofing a telecommunications website. Spear-phishing email attachments most commonly use the .rtf file format. 76% of organizations continued to run Java 6 after...

The annual TrendLabs Security Report, published by Trend Micro, is well worth a read. Here are some interesting insights from their new report:

  • Trend’s software found that instances of mobile malware and high-risk apps had more than doubled between 2012 and 2013. Trend defines ‘high-risk’ apps as those which compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without user knowledge nor consent.
  • 27% of malicious and high-risk mobile apps could be found on legitimate app stores such as Google Play. Blackberry found that 2% of repackaged Android apps were too risky, so blocked them from their Blackberry World market.
  • As well as using improved technology, criminals also took advantage of human gullibility with respect to innovation. For example, smartphone users who scan a QR code have no way of evaluating if the code is part of a malicious scheme.
  • 76% of mobile phishing attacks sought to spoof a financial services website, with PayPal being the most common spoof of all. 3% were spoofing a telecommunications website.
  • Spear-phishing email attachments most commonly use the .rtf file format.
  • 76% of organizations continued to run Java 6 after Oracle withdrew support for it. Java vulnerabilities accounted for 91% of web-based attacks in 2013.
  • Other old software continues to pose risks. For example, 95% of ATMs in the USA still run on Windows XP.
  • There were more online banking malware infections in the 4th quarter of 2013 than during the whole of 2012. This was partly due to especially severe spikes in the number of infections in Japan and Brazil, as criminals targeted opportunities in those countries.
  • What do Pope Francis, Iron Man 3, and Typhoon Haiyan have in common? They are the kinds of topics used to socially engineer victims of cybercrime.

The 2013 TrendLabs Security Report is available from here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email